Enxèro Systems processes personal data on behalf of our customers as a Data Processor, in full alignment with DPA Act, 2019 (Kenya) and the EU GDPR
You determine the purpose and means of processing personal data and are responsible for compliance with applicable laws and regulations.
We process personal data only on your documented instructions to provide our services. We do not determine the purpose or means of processing.
Appropriate technical and organizational measures
Access control and authentication
Encryption in transit and at rest (when appropriate)
Continuous monitor and logging
Secure infrastructure and reliable operations
Process data only on your instructions
Keep personal data confidential and secure
Ensure our team and partners follow strict data protection obligations
Notify you promptly in the event of a personal data breach
Assist you with data subject rights requests
Return or securely delete data when our services end
Provide clear instructions at any time
Request information about processing
Manage data subjects rights and requests
Request return or deletion of personal data
Revoke instructions subject to legal or contractual restrictions
We act as a Data Processor under a valid contract (this DPA) and process personal data based on your lawful instructions
When data is transferred outside your jurisdiction, we implement proper safeguards in line with GDPR requirements